Cybersecurity

Jonathan Zittrain's NYTimes Op-ed today, "Lost in the Clouds" ironically captured three of my big concerns/themes about the Internet and its natural outgrowth -- cloud computing.

• I recommend this op-ed because it pulls together a whole host of converging Internet issues that others generally treat separately.
• The problem with writing about these issues separately is that much of the richness of how these inter-related issues interact -- is lost.  

  Zittrain: "The cloud, however, comes with real dangers."

  • I agree. That has been much of the point of my 13 part series since the first of the year:
    • "The Open Internet's Growing Security Problem"

  Zittrain: "Worse, data stored online has less privacy protection both in practice and under the law."

"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question" said Michael Arrington of TechCrunch in a post defending his publishing of secret Twitter corporate information that was stolen from Twitter by "Hacker Croll" via Google's password system. See New York Times story.

Only last week I wrote a post "Why Security is Google's Achille's Heel."

My overall security thesis is simple.

Additional new evidence continues to spotlight the Open Internet's growing security problem, and underscore why President Obama effectively declared the lack of cybersecurity as the Internet's biggest problem in his cybersecurity address May 29th. 

• The growing catalogue of evidence from mainstream and official sources is getting harder and harder to ignore.

Google's launch of a new PC operating system on the heels of its announcement ending the "beta" phase for its popular gmail, Calendar, Docs and Talk applications, is happening in the midst of a new era where cyber-security has been made a new national priority and internet security breaches are increasingly serious and commonplace.

• All this naturally puts a spotlight on Google's approach to security, because Google is becoming increasingly central to so many people's Internet experience.

An examination of Google's own public representation of its corporate philosophy and design principles shows security/safety is simply not a priority for Google. In many respects, security is viewed as a hinderance to, or a drag on, Google's over-riding goal of speed-efficiency.

In Google's philosophy statement, "Ten things Google has found to be true" there is no mention of the importance of security/safety to Google or Google's users.

#3 point on the philosophy list says: "Fast is better than slow:"

A scan of the major comments just delivered to the FCC on the National Broadband Plan (which is due to Congress February 2010), spotlighted the big broadband policy "fork-in-the-road" decision that the FCC now has before it.

The President's Cybersecurity announcement 5-29 was a game changer for the Internet. For the first time the U.S. Government officially declared the lack of cybersecurity as the Internet's biggest problem.

• It is interesting to note there was instant disagreement with the President's assessment from some in the Web 2.0 world. Speakers at the Computers, Freedom, and Privacy conference in Washington this week said (per Washington Internet Daily) that:
  • "Cybersecurity threats in general are wildly overstated or portrayed as malevolent acts when some of the best known incidents have come through accidents or simple security holes."
• I have been writing this now twelve-part series: "The open Internet's growing security problem" since the beginning of the year, precisely because many continue to deny the growing mountain of evidence from mainstream sources that the Internet security problem is getting worse not better. 
• Fortunately, President Obama gets it.

Here is the latest mainstream evidence of the open Internet's growing security problem.

"Mysterious virus strikes FBI" ZDNet

I filed comments today on the FCC's Notice of Inquiry on the FCC's National Broadband Plan, which is required to be delivered to Congress by February 2010.

• I made three main points about the National Broadband Plan; it should:
  • Build upon America's strong foundation of success in developing facilities-based broadband competition in the vast majority of the U.S.;
  • Factor in the latest data which indicates the U.S. is not falling behind in broadband or economic competitiveness; and
  • Elevate cybersecurity as a national priority per the President's recent cybersecurity review.

My two-page comments, with links to several of my research pieces, can be found here.

The press release about my comments can be found here.

President Obama's new approach to cybersecurity likely is more of an Internet game-changer than many appreciate. Initial reporting and commentary has been superficial and has not connected dots or analyzed the broader logical implications of this new policy emphasis and trajectory.   

Why is it a game-changer for the Internet?

• First, it formalizes a new leading priority for the Internet.
• Second, it formalizes the lack of cybersecurity as the Internet's leading problem.
• Third, it practically redefines what "open Internet" means.
• Fourth, it practically takes any extreme form of net neutrality off the table. 

Moreover, the new cybersecurity focus will likely have a practical effect on the trajectory of Internet 3.0, which embodies:

• Cloud computing (where security has not been a primary priority by many);
• The Mobile web (where security has always been a very high priority); and
• The Internet of Things (where security will be imperative to prevent theft, intrusion, and sabotage).

I.   Cybersecurity -- New #1 Internet Priority

President Obama said:

New evidence continues to spotlight the Open Internet's growing security problem. 

"Network Based Security Is In Our Future" is an outstanding must-read analysis by Tom Tovar, CEO of Nominum.

Please read his full piece, its brief. Let me highlight some excellent points he made: